ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.])
ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.])
ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authenication module.])
+ARG_ENABL_SET([eap-tls], [enable EAP TLS authenication module.])
ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authenication module.])
ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.])
ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.])
AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue)
AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue)
+AM_CONDITIONAL(USE_EAP_TLS, test x$eap_tls = xtrue)
AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue)
AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue)
AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue)
src/libcharon/plugins/eap_simaka_pseudonym/Makefile
src/libcharon/plugins/eap_simaka_reauth/Makefile
src/libcharon/plugins/eap_mschapv2/Makefile
+ src/libcharon/plugins/eap_tls/Makefile
src/libcharon/plugins/eap_radius/Makefile
src/libcharon/plugins/kernel_netlink/Makefile
src/libcharon/plugins/kernel_pfkey/Makefile
--- /dev/null
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-eap-tls.la
+
+libstrongswan_eap_tls_la_SOURCES = eap_tls_plugin.h eap_tls_plugin.c \
+ eap_tls.h eap_tls.c
+libstrongswan_eap_tls_la_LDFLAGS = -module -avoid-version
--- /dev/null
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_tls.h"
+
+#include <daemon.h>
+#include <library.h>
+
+typedef struct private_eap_tls_t private_eap_tls_t;
+
+/**
+ * Private data of an eap_tls_t object.
+ */
+struct private_eap_tls_t {
+
+ /**
+ * Public interface.
+ */
+ eap_tls_t public;
+
+ /**
+ * ID of the server
+ */
+ identification_t *server;
+
+ /**
+ * ID of the peer
+ */
+ identification_t *peer;
+
+ /**
+ * Is this method instance acting as server?
+ */
+ bool is_server;
+};
+
+METHOD(eap_method_t, initiate, status_t,
+ private_eap_tls_t *this, eap_payload_t **out)
+{
+ return FAILED;
+}
+
+METHOD(eap_method_t, process, status_t,
+ private_eap_tls_t *this, eap_payload_t *in, eap_payload_t **out)
+{
+ return FAILED;
+}
+
+METHOD(eap_method_t, get_type, eap_type_t,
+ private_eap_tls_t *this, u_int32_t *vendor)
+{
+ *vendor = 0;
+ return EAP_TLS;
+}
+
+METHOD(eap_method_t, get_msk, status_t,
+ private_eap_tls_t *this, chunk_t *msk)
+{
+ return FAILED;
+}
+
+METHOD(eap_method_t, is_mutual, bool,
+ private_eap_tls_t *this)
+{
+ return TRUE;
+}
+
+METHOD(eap_method_t, destroy, void,
+ private_eap_tls_t *this)
+{
+ this->peer->destroy(this->peer);
+ this->server->destroy(this->server);
+ free(this);
+}
+
+/**
+ * Generic private constructor
+ */
+static eap_tls_t *eap_tls_create(identification_t *server,
+ identification_t *peer, bool is_server)
+{
+ private_eap_tls_t *this;
+
+ INIT(this,
+ .public.eap_method = {
+ .initiate = _initiate,
+ .process = _process,
+ .get_type = _get_type,
+ .is_mutual = _is_mutual,
+ .get_msk = _get_msk,
+ .destroy = _destroy,
+ },
+ .peer = peer->clone(peer),
+ .server = server->clone(server),
+ .is_server = is_server,
+ );
+ return &this->public;
+}
+
+eap_tls_t *eap_tls_create_server(identification_t *server,
+ identification_t *peer)
+{
+ return eap_tls_create(server, peer, TRUE);
+}
+
+eap_tls_t *eap_tls_create_peer(identification_t *server,
+ identification_t *peer)
+{
+ return eap_tls_create(server, peer, FALSE);
+}
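Review bot: `is_mutual` returns TRUE while `initiate`, `process` and `get_msk` in the same file are stubs that unconditionally return FAILED, so the method advertises mutual authentication without being able to run a handshake or hand out an MSK. Until the TLS exchange is implemented it would be clearer to either have the stub answer `return FALSE;` or to mark the three stubs with a comment such as `/* TODO: EAP-TLS handshake not implemented yet, always fails */` so a reader does not take the TRUE as a property of this code. The stubs are registered as the EAP_TLS server and peer constructors in eap_tls_plugin.c in this same commit, so enabling the plugin exposes a method that cannot succeed; that fails closed, which is acceptable, but a comment at the registration site saying so would save the next reader a trip through this file.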
--- /dev/null
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_tls eap_tls
+ * @{ @ingroup eap_tls
+ */
+
+#ifndef EAP_TLS_H_
+#define EAP_TLS_H_
+
+typedef struct eap_tls_t eap_tls_t;
+
+#include <sa/authenticators/eap/eap_method.h>
+
+/**
+ * Implementation of eap_method_t using EAP-TLS.
+ */
+struct eap_tls_t {
+
+ /**
+ * Implements eap_method_t interface.
+ */
+ eap_method_t eap_method;
+};
+
+/**
+ * Creates the EAP method EAP-TLS acting as server.
+ *
+ * @param server ID of the EAP server
+ * @param peer ID of the EAP client
+ * @return eap_tls_t object
+ */
+eap_tls_t *eap_tls_create_server(identification_t *server,
+ identification_t *peer);
+
+/**
+ * Creates the EAP method EAP-TLS acting as peer.
+ *
+ * @param server ID of the EAP server
+ * @param peer ID of the EAP client
+ * @return eap_tls_t object
+ */
+eap_tls_t *eap_tls_create_peer(identification_t *server,
+ identification_t *peer);
+
+#endif /** EAP_TLS_H_ @}*/
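Review bot: The `@param` and `@return` lines of `eap_tls_create_server` and `eap_tls_create_peer` do not state ownership, although the implementation in eap_tls.c clones both identities (`.peer = peer->clone(peer)`, `.server = server->clone(server)`) and releases the clones in its `destroy`. Documenting this as `@param server ID of the EAP server (cloned, caller keeps ownership)` and `@return eap_tls_t object, released via eap_method.destroy` removes the ambiguity about who frees what, which is where double-free and use-after-free mistakes in callers usually start. The same wording applies to the `peer` parameter of both constructors.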
--- /dev/null
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_tls_plugin.h"
+
+#include "eap_tls.h"
+
+#include <daemon.h>
+
+
+METHOD(plugin_t, destroy, void,
+ eap_tls_plugin_t *this)
+{
+ charon->eap->remove_method(charon->eap,
+ (eap_constructor_t)eap_tls_create_server);
+ charon->eap->remove_method(charon->eap,
+ (eap_constructor_t)eap_tls_create_peer);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+ eap_tls_plugin_t *this;
+
+ INIT(this,
+ .plugin.destroy = _destroy,
+ );
+
+ charon->eap->add_method(charon->eap, EAP_TLS, 0, EAP_SERVER,
+ (eap_constructor_t)eap_tls_create_server);
+ charon->eap->add_method(charon->eap, EAP_TLS, 0, EAP_PEER,
+ (eap_constructor_t)eap_tls_create_peer);
+
+ return &this->plugin;
+}
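Review bot: `plugin_t *plugin_create()` is declared with empty parentheses, which in C is not a prototype (it means "unspecified arguments" rather than "no arguments"); the declaration in eap_tls_plugin.h, `plugin_t *plugin_create();`, has the same form. Writing `plugin_t *plugin_create(void)` in both places gives the compiler a real prototype to check calls against. If the other plugins in the tree deliberately use the `()` form, keeping it here for consistency is defensible, but then the whole set should move together.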
--- /dev/null
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_tls eap_tls
+ * @ingroup cplugins
+ *
+ * @defgroup eap_tls_plugin eap_tls_plugin
+ * @{ @ingroup eap_tls
+ */
+
+#ifndef EAP_TLS_PLUGIN_H_
+#define EAP_TLS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct eap_tls_plugin_t eap_tls_plugin_t;
+
+/**
+ * EAP-TLS plugin
+ */
+struct eap_tls_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a eap_tls_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** EAP_TLS_PLUGIN_H_ @}*/
{"md5", EAP_MD5},
{"otp", EAP_OTP},
{"gtc", EAP_GTC},
+ {"tls", EAP_TLS},
{"sim", EAP_SIM},
{"aka", EAP_AKA},
{"mschapv2", EAP_MSCHAPV2},
"EAP_MD5",
"EAP_OTP",
"EAP_GTC");
-ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_GTC,
+ENUM_NEXT(eap_type_names, EAP_TLS, EAP_TLS, EAP_GTC,
+ "EAP_TLS");
+ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_TLS,
"EAP_SIM");
ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
"EAP_AKA");
EAP_MD5 = 4,
EAP_OTP = 5,
EAP_GTC = 6,
+ EAP_TLS = 13,
EAP_SIM = 18,
EAP_AKA = 23,
EAP_MSCHAPV2 = 26,
{
conn->eap_type = 6;
}
+ else if (streq(kw->value, "tls"))
+ {
+ conn->eap_type = 13;
+ }
else if (streq(kw->value, "mschapv2"))
{
conn->eap_type = 26;
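Review bot: `conn->eap_type = 13;` repeats the numeric value assigned to `EAP_TLS` in the enum added by this same commit, so the two can silently diverge. If the enum header is reachable from starter, `conn->eap_type = EAP_TLS;` is preferable; otherwise a comment on the assignment, `/* EAP_TLS, keep in sync with eap_type.h */`, at least points to the source of truth. The neighbouring branches use literals as well, so this may be an existing convention rather than an oversight; the enclosing function starts and ends outside the hunk.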
.BR eap-aka ,
.BR eap-gtc ,
.BR eap-md5 ,
+.BR eap-tls ,
.B eap-mschapv2
and
.BR eap-sim .